<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--

    Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements.  See the NOTICE file
    distributed with this work for additional information
    regarding copyright ownership.  The ASF licenses this file
    to you under the Apache License, Version 2.0 (the
    "License"); you may not use this file except in compliance
    with the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.

-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<title>web.xml Visual Editor: Security Constraints</title>
<link rel="stylesheet" href="ide.css" title="Oracle BLAFDoc" type="text/css"/>
</head>

<body>
<p><a id="dd_multiview_security_securityconstraintsNode" name="dd_multiview_security_securityconstraintsNode"></a></p>
<div id="NBCSH3882"><!-- infolevel="all" infotype="General" --><a id="sthref525" name="sthref525"></a>
<h1>web.xml Visual Editor: Security Constraints</h1>
<a name="BEGIN" id="BEGIN"></a>
<p>Use the Security Constraints section of the <code dir="ltr">web.xml</code> Visual Editor to add and configure security constraints for your web application. 
<object classid="java:org.netbeans.modules.javahelp.BrowserDisplayer">
<param name="content" value="http://www.oracle.com/pls/topic/lookup?ctx=nb8200&id=NBDAG1114">
<param name="text" value="<html><u>How?</u></html>">
<param name="textFontSize" value="medium">
<param name="textColor" value="blue">
</object>
</p>
<p>The following fields appear in a constraint section when you create a new constraint or edit an existing one.</p>

<table summary="User interface elements and descriptions" dir="ltr" border="1" width="100%" frame="hsides" rules="groups" cellpadding="3" cellspacing="0">
<col width="24%" />
<col width="*" />
<thead>
<tr align="left" valign="top">
<th align="left" valign="bottom" id="r1c1-t22">Element</th>
<th align="left" valign="bottom" id="r1c2-t22">Description</th>
</tr>
</thead>
<tbody>
<tr align="left" valign="top">
<td align="left" id="r2c1-t22" headers="r1c1-t22">
<p>Display Name</p>
</td>
<td align="left" headers="r2c1-t22 r1c2-t22">A unique name that identifies the security constraint.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r3c1-t22" headers="r1c1-t22">
<p>Web Resource Collection</p>
</td>
<td align="left" headers="r3c1-t22 r1c2-t22">A list of URL patterns and HTTP methods that describe a set of Web resources to be protected.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r4c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;Name</p>
</td>
<td align="left" headers="r4c1-t22 r1c2-t22">A unique name that identifies the web resource.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r5c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;URL Pattern</p>
</td>
<td align="left" headers="r5c1-t22 r1c2-t22">URL patterns separated by commas.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r6c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;HTTP Method</p>
</td>
<td align="left" headers="r6c1-t22 r1c2-t22">The HTTP method or methods used for this web resource.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r7c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;Description</p>
</td>
<td align="left" headers="r7c1-t22 r1c2-t22">An optional description of the web resource.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r8c1-t22" headers="r1c1-t22">
<p>Enable Authentication Constraint</p>
</td>
<td align="left" headers="r8c1-t22 r1c2-t22">An authorization rule that determines who belong to a particular role is permitted to access a Web resource collection.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r9c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;Description</p>
</td>
<td align="left" headers="r9c1-t22 r1c2-t22">An optional description of the authentication constraint.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r10c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;Role Name(s)</p>
</td>
<td align="left" headers="r10c1-t22 r1c2-t22">List of roles separated by commas. These roles must match the roles defined in the Security Roles table.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r11c1-t22" headers="r1c1-t22">Enable User Data Constraint</td>
<td align="left" headers="r11c1-t22 r1c2-t22">Indicates how data between a client and a Web container should be protected. The protection can be the prevention of tampering with the data or prevention of eavesdropping on the data.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r12c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;Description</p>
</td>
<td align="left" headers="r12c1-t22 r1c2-t22">An optional description of the user data constraint.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r13c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;Transport Guarantee</p>
</td>
<td align="left" headers="r13c1-t22 r1c2-t22">The type of guarantee for the transport: NONE, INTEGRAL, or CONFIDENTIAL.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r14c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;INTEGRAL</p>
</td>
<td align="left" headers="r14c1-t22 r1c2-t22">Ensures that communication between entities is not being tampered with by another party, especially one that can intercept and modify their communications. Integrity mechanisms can also be used to ensure that messages can only be used once.</td>
</tr>
<tr align="left" valign="top">
<td align="left" id="r15c1-t22" headers="r1c1-t22">
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CONFIDENTIAL</p>
</td>
<td align="left" headers="r15c1-t22 r1c2-t22">Ensures private communication between entities. Privacy is achieved by encrypting the message contents.</td>
</tr>
</tbody>
</table>
<br />
<!-- -->
<a id="NBCSH3896" name="NBCSH3896"></a>
<hr><p><b>Related Topics</b></p>
<p><i>Developing Applications with NetBeans IDE</i>, 
<object classid="java:org.netbeans.modules.javahelp.BrowserDisplayer">
<param name="content" value="http://www.oracle.com/pls/topic/lookup?ctx=nb8200&id=NBDAG2812">
<param name="text" value="<html><u>&quot;About Deployment Descriptors&quot;</u></html>">
<param name="textFontSize" value="medium">
<param name="textColor" value="blue">
</object>
</p>
<p><i>Developing Applications with NetBeans IDE</i>, 
<object classid="java:org.netbeans.modules.javahelp.BrowserDisplayer">
<param name="content" value="http://www.oracle.com/pls/topic/lookup?ctx=nb8200&id=NBDAG1111">
<param name="text" value="<html><u>&quot;Configuring a Web Application&quot;</u></html>">
<param name="textFontSize" value="medium">
<param name="textColor" value="blue">
</object>
</p>

<!-- -->
<!-- Start Footer -->


<table summary="" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td align="left" width="86%"><a href="legal_notice.htm">
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements; and to You under the Apache License, Version 2.0.</a>
</td>
</tr>
</table>
<!-- -->
</body>
</html>
